A power plant carve-out is a complex endeavor that requires extensive planning and precise execution. In this case—between 2020 and 2021—the goal was to seamlessly transfer all IT components of a power plant to a new operator without disrupting ongoing operations or compromising safety. This large-scale project, valued in the multi-million euro range and involving 150 employees, had to be completed smoothly within less than two years.
Energy Industry
Carve-Out
2020-2021
< 2 years project
about 150 Employees
Project Challenges
The biggest challenge was mapping the full complexity of all technical assets.
The documentation was outdated, meaning many hardware and software components had to be identified and analyzed through automated processes. At the same time, operations could not be disrupted at any point—placing the highest demands on IT security.
Another critical issue was the management of Active Directory (AD) domains, which were distributed across multiple sites and required seamless synchronization with Azure Active Directory (AAD). Additionally, IAM (Identity and Access Management) policies had to be reviewed and adjusted to ensure that access rights were migrated correctly.
Project coordination is led by Jörg Bleyens and Harald Beck.
One of the most complex challenges was handling sensitive data.
This data was secured within a Microsoft 365 environment using Microsoft Information Protection (MIP) and needed to be cleanly decrypted for handover. Additionally, system-imposed M365 throttling had to be addressed through targeted load balancing measures, as it would have significantly slowed down the export process otherwise.
The migration of M365 SharePoint and OneDrive data presented another critical challenge. All retention policies, DLP (Data Loss Prevention) rules, and MIP labels had to be adjusted or removed—without violating compliance requirements.
Implementation Approach
To address all these challenges, an interdisciplinary team was assembled to develop a well-structured handover concept for each asset class.
Specialized transformation software, along with custom PowerShell scripts and the Microsoft Graph API, was used to efficiently identify and transfer all technical components.
The infrastructure migration included the following steps:
- Replication and synchronization of Active Directory (AD) using Azure AD Connect
- Migration of file servers to SharePoint Online, while preserving existing access control lists (ACLs)
- Automated migration of Exchange mailboxes
In addition, various systems—ranging from VoIP telecommunication systems, network switches, and firewalls to industrial control systems—had to be perfectly aligned.
Particular attention was paid to establishing a secure data extraction and transfer process.
Technology and Business Impact
Thanks to a clear strategy, intensive coordination, and close collaboration with all stakeholders, the project was successfully completed.
The new operator was able to begin regular operations without delays, while all GDPR and ISO 27001 requirements were strictly met.
The optimized IT and network architecture now enables more efficient operations in the long term.
The previous operator achieved the desired sale price, and the new operator benefited from a seamless transfer of technical components, enabling a financially successful start.
A wide range of methods and tools were used throughout the project, including:
- ITIL frameworks for service management
- DevOps pipelines for CI/CD automation
- Cloud-native security solutions for identity and access management (IAM)
Ultimately, this project demonstrated how critical early and detailed planning is for the success of large-scale, complex handovers.
The insights gained will serve as a best practice reference for future IT-driven carve-out projects, helping to make similar migrations even more efficient going forward.
Future-proofing your company
